Hacker found guilty of massive AT&T-iPad site breach

Jury convicts Andrew Auernheimer of unauthorized access and identity theft in connection with the theft of data belonging to more than 100,000 iPad users on the carrier's 3G network.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Andrew Auernheimer. anonymous

A hacker has been found guilty of breaking into an AT&T Web site and stealing data of more than 100,000 iPad users.

Andrew Auernheimer, 26, was convicted Tuesday in federal court in New Jersey of one count of conspiracy to gain unauthorized access to computers and one count of identity theft. The jury reached its verdict within hours of beginning deliberations, according to Wired.

After the verdict was announced, Auernheimer tweeted that the outcome had been expected and that an appeal was planned.

Auernheimer and co-defendant Daniel Spitler were arrested and charged in January 2011 after discovering a hole in 2010 in AT&T's Web site that allowed access to iPad users' e-mail addresses and unique identifiers used to authenticate the devices to AT&T's 3G wireless network.

Spitler wrote a script called the "iPad 3G Account Slurper" and used it against AT&T servers in 2010 to harvest e-mail addresses and associated unique iPad numbers, and plotted with Auernheimer on how to take advantage of the security hole, according to the U.S. Department of Justice office in Newark, N.J. Spitler pleaded guilty to the charges in June 2011.

In an interview with CNET in 2010, Auernheimer admitted that the hackers had compromised the AT&T 3G iPad customer Web site and released data on 120,000 accounts but said they did so with the intention of warning AT&T and protecting consumers.

Auernheimer faces up to 10 years in prison and $500,000 in fines.